Industroyer Analysis

IOB - Indicator of Behavior (127)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 60
zh: 54
de: 10
fr: 4


Country

us: 56
ch: 42
cn: 28


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
Juniper Junos OS: 6
phpMyAdmin: 6
Juniper Junos OS Evolved: 4
RoundCube Webmail: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $2k-$5k | $0-$1k | Proof-of-Concept | Workaround | 0.01 | 0.00000 |
2 | adminlte cookie httponly flag | 5.5 | 5.5 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-3706
3 | ISPConfig sql injection | 6.3 | 6.3 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-3021
4 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.3 | 8.1 | $25k-$50k | $2k-$5k | Not Defined | Official Fix | 0.04 | 0.01404 | CVE-2022-2978
5 | phpMyAdmin Two-factor Authentication improper authentication | 6.3 | 6.0 | $5k-$10k | $1k-$2k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-23807
6 | DSpace path traversal | 7.0 | 6.7 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2016-10726
7 | RouterOS Upgrade Package code download | 7.4 | 7.4 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.06 | 0.01055 | CVE-2019-3977
8 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $2k-$5k | $1k-$2k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2022-0651
9 | Crow HTTP Pipelining use after free | 8.5 | 8.4 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.15 | 0.02509 | CVE-2022-38667
10 | mySCADA myPRO command injection | 9.2 | 9.0 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-2234
11 | GNU Bash Environment Variable variables.c Shellshock os command injection | 9.8 | 9.3 | $100k and more | $0-$1k | High | Official Fix | 0.00 | 0.96235 | CVE-2014-6271
12 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.7 | $100k and more | $10k-$25k | Unproven | Official Fix | 0.03 | 0.01728 | CVE-2021-38666
13 | MailGates/MailAudit command injection | 8.8 | 8.4 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.00 | 0.02055 | CVE-2020-25849
14 | Juniper Junos OS J-Web input validation | 7.8 | 7.5 | $10k-$25k | $1k-$2k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-0278
15 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.02 | 0.35205 | CVE-2010-0359
16 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $10k-$25k | $5k-$10k | Not Defined | Not Defined | 1.21 | 0.00885 | CVE-2022-3590
17 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $50k-$100k | $10k-$25k | Unproven | Official Fix | 0.15 | 0.02251 | CVE-2022-37958
18 | OSClass setJsonAlert sql injection | 7.3 | 7.0 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.04 | 0.01319 | CVE-2014-8083
19 | Citrix Provisioning Services memory corruption | 8.5 | 8.4 | $10k-$25k | $0-$1k | Not Defined | Official Fix | 0.01 | 0.02578 | CVE-2016-9679
20 | FreeBSD Ping pr_pack stack-based overflow | 7.3 | 7.0 | $10k-$25k | $5k-$10k | Not Defined | Official Fix | 0.18 | 0.00000 | CVE-2022-23093

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
2 | File | /CMD_SELECT_USERS | predictive | High
3 | File | /dashboard/updatelogo.php | predictive | High
4 | File | /dcim/sites/add/ | predictive | High
5 | File | /etc/openshift/server_priv.pem | predictive | High
6 | File | /forum/away.php | predictive | High
7 | File | /goform/delAd | predictive | High
55 | Pattern | () { | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
